refactor: Refactor Tekton Triggers components deployment (#130)

* Now GitServers are the list of objects
* Remove logic from EventListener to Tekton Triggers
* Consume GITLAB_HOST_URL from Event Payload and not from
  templating

JIRA: EPMDEDP-13302

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: Ied986df9e329a1966f0a4e3d0074087dc1699e11

charts/common-library/README.md

@@ -26,8 +26,5 @@ Common library that holds steps for EDP pipelines
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| github.webhook.existingSecret | string | `"github"` | Existing secret which holds GitHub integration credentials: Username, Access Token, Secret String and Private SSH Key |
-| gitlab.host | string | `"gitlab.com"` | The GitLab host, adjust this if you run a GitLab enterprise. Default: gitlab.com |
-| gitlab.webhook.existingSecret | string | `"gitlab"` | Existing secret which holds GitLab integration credentials: Username, Access Token, Secret String and Private SSH Key |
 | global.gerritSSHPort | string | `"30003"` | Gerrit SSH node port |
 | tekton.resources | object | `{"limits":{"cpu":"2","memory":"3Gi"},"requests":{"cpu":"0.5","memory":"2Gi"}}` | The resource limits and requests for the Tekton Tasks |

charts/common-library/templates/_common_github.yaml

@@ -46,7 +46,7 @@
     - name: AUTH_TYPE
       value: Token
     - name: GITHUB_TOKEN_SECRET_NAME
-      value: {{ .Values.github.webhook.existingSecret }}
+      value: ci-github
     - name: GITHUB_TOKEN_SECRET_KEY
       value: token
     - name: SHA
@@ -109,7 +109,7 @@ finally:
       - name: AUTH_TYPE
         value: Token
       - name: GITHUB_TOKEN_SECRET_NAME
-        value: {{ .Values.github.webhook.existingSecret }}
+        value: ci-github
       - name: GITHUB_TOKEN_SECRET_KEY
         value: token
       - name: SHA
@@ -135,7 +135,7 @@ finally:
       - name: AUTH_TYPE
         value: Token
       - name: GITHUB_TOKEN_SECRET_NAME
-        value: {{ .Values.github.webhook.existingSecret }}
+        value: ci-github
       - name: GITHUB_TOKEN_SECRET_KEY
         value: token
       - name: SHA

charts/common-library/templates/_common_gitlab.yaml

@@ -40,11 +40,11 @@
     - name: "STATE"
       value: "pending"
     - name: "GITLAB_HOST_URL"
-      value: "{{ .Values.gitlab.host }}"
+      value: "$(params.git-source-url)"
     - name: "REPO_FULL_NAME"
       value: "$(params.gitfullrepositoryname)"
     - name: "GITLAB_TOKEN_SECRET_NAME"
-      value: {{ .Values.gitlab.webhook.existingSecret }}
+      value: ci-gitlab
     - name: "GITLAB_TOKEN_SECRET_KEY"
       value: token
     - name: "SHA"
@@ -106,11 +106,11 @@ finally:
       - name: "STATE"
         value: "success"
       - name: "GITLAB_HOST_URL"
-        value: "{{ .Values.gitlab.host }}"
+        value: "$(params.git-source-url)"
       - name: "REPO_FULL_NAME"
         value: "$(params.gitfullrepositoryname)"
       - name: "GITLAB_TOKEN_SECRET_NAME"
-        value: {{ .Values.gitlab.webhook.existingSecret }}
+        value: ci-gitlab
       - name: "GITLAB_TOKEN_SECRET_KEY"
         value: token
       - name: "SHA"
@@ -134,11 +134,11 @@ finally:
       - name: "STATE"
         value: "failed"
       - name: "GITLAB_HOST_URL"
-        value: "{{ .Values.gitlab.host }}"
+        value: "$(params.git-source-url)"
       - name: "REPO_FULL_NAME"
         value: "$(params.gitfullrepositoryname)"
       - name: "GITLAB_TOKEN_SECRET_NAME"
-        value: {{ .Values.gitlab.webhook.existingSecret }}
+        value: ci-gitlab
       - name: "GITLAB_TOKEN_SECRET_KEY"
         value: token
       - name: "SHA"

charts/common-library/values.yaml

@@ -6,18 +6,6 @@ global:
   # -- Gerrit SSH node port
   gerritSSHPort: "30003"
 
-github:
-  webhook:
-    # -- Existing secret which holds GitHub integration credentials: Username, Access Token, Secret String and Private SSH Key
-    existingSecret: github
-
-gitlab:
-  # -- The GitLab host, adjust this if you run a GitLab enterprise. Default: gitlab.com
-  host: gitlab.com
-  webhook:
-    # -- Existing secret which holds GitLab integration credentials: Username, Access Token, Secret String and Private SSH Key
-    existingSecret: gitlab
-
 tekton:
   # --The resource limits and requests for the Tekton Tasks
   resources:

charts/pipelines-library/README.md

@@ -93,25 +93,47 @@ Follows [Tekton Interceptor](https://tekton.dev/vault/triggers-main/clusterinter
 | dashboard.resources | object | `{"limits":{"cpu":"60m","memory":"70Mi"},"requests":{"cpu":"50m","memory":"40Mi"}}` | The resource limits and requests for the Tekton Dashboard |
 | dashboard.tolerations | list | `[]` | Toleration labels for pod assignment |
 | dashboard.triggersNamespace | string | `"tekton-pipelines"` | Namespace where cluster tekton triggers deployed. Default: tekton-pipelines |
-| eventListener.affinity | object | `{}` | Affinity settings for pod assignment |
-| eventListener.enabled | bool | `true` | Deploy eventListener as a part of pipeline library when true. Default: true |
-| eventListener.ingress.annotations | object | `{}` | Annotations for Ingress resource |
-| eventListener.ingress.enabled | bool | `true` | Deploy EDP with eventListener ingress as a part of pipeline library when true. Default: true |
-| eventListener.ingress.tls | list | `[]` | Ingress TLS configuration |
-| eventListener.nodeSelector | object | `{}` | Node labels for pod assignment |
-| eventListener.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | The resource limits and requests for the Tekton eventListener |
-| eventListener.tolerations | list | `[]` | Toleration labels for pod assignment |
 | fullnameOverride | string | `""` |  |
-| github.host | string | `"github.com"` | The GitHub host, adjust this if you run a GitHub enterprise. Default: github.com |
-| github.webhook.existingSecret | string | `"ci-github"` | Existing secret which holds GitHub integration credentials: Username, Access Token, Secret String and Private SSH Key |
-| github.webhook.skipWebhookSSLVerification | bool | `false` | If true, webhook ssl verification will be skipped. Default: false |
-| gitlab.host | string | `"gitlab.com"` | The GitLab host, adjust this if you run a GitLab enterprise. Default: gitlab.com |
-| gitlab.webhook.existingSecret | string | `"ci-gitlab"` | Existing secret which holds GitLab integration credentials: Username, Access Token, Secret String and Private SSH Key |
-| gitlab.webhook.skipWebhookSSLVerification | bool | `false` | If true, webhook ssl verification will be skipped. Default: false |
+| gitServers[0].eventListener.affinity | object | `{}` | Affinity for EventListener pod assignment |
+| gitServers[0].eventListener.enabled | bool | `true` | Enable EventListener |
+| gitServers[0].eventListener.ingress.annotations | object | `{}` | Ingress annotations |
+| gitServers[0].eventListener.ingress.enabled | bool | `true` | Enable ingress controller resource |
+| gitServers[0].eventListener.ingress.tls | list | `[]` | Ingress TLS configuration |
+| gitServers[0].eventListener.nodeSelector | object | `{}` | Node labels for EventListener pod assignment |
+| gitServers[0].eventListener.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | EventListener resources |
+| gitServers[0].eventListener.tolerations | list | `[]` | Tolerations for EventListener pod assignment |
+| gitServers[0].gitProvider | string | `"github"` |  |
+| gitServers[0].host | string | `"github.com"` |  |
+| gitServers[0].name | string | `"my-github"` |  |
+| gitServers[0].webhook.skipWebhookSSLVerification | bool | `false` |  |
+| gitServers[1].eventListener.affinity | object | `{}` | Affinity for EventListener pod assignment |
+| gitServers[1].eventListener.enabled | bool | `true` | Enable EventListener |
+| gitServers[1].eventListener.ingress.annotations | object | `{}` | Ingress annotations |
+| gitServers[1].eventListener.ingress.enabled | bool | `true` | Enable ingress controller resource |
+| gitServers[1].eventListener.ingress.tls | list | `[]` | Ingress TLS configuration |
+| gitServers[1].eventListener.nodeSelector | object | `{}` | Node labels for EventListener pod assignment |
+| gitServers[1].eventListener.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | EventListener resources |
+| gitServers[1].eventListener.tolerations | list | `[]` | Tolerations for EventListener pod assignment |
+| gitServers[1].gitProvider | string | `"gitlab"` |  |
+| gitServers[1].host | string | `"gitlab.com"` |  |
+| gitServers[1].name | string | `"my-gitlab"` |  |
+| gitServers[1].webhook.skipWebhookSSLVerification | bool | `false` |  |
+| gitServers[2].eventListener.affinity | object | `{}` | Affinity for EventListener pod assignment |
+| gitServers[2].eventListener.enabled | bool | `true` | Enable EventListener |
+| gitServers[2].eventListener.ingress.annotations | object | `{}` | Ingress annotations |
+| gitServers[2].eventListener.ingress.enabled | bool | `true` | Enable ingress controller resource |
+| gitServers[2].eventListener.ingress.tls | list | `[]` | Ingress TLS configuration |
+| gitServers[2].eventListener.nodeSelector | object | `{}` | Node labels for EventListener pod assignment |
+| gitServers[2].eventListener.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | EventListener resources |
+| gitServers[2].eventListener.tolerations | list | `[]` | Tolerations for EventListener pod assignment |
+| gitServers[2].gitProvider | string | `"gerrit"` |  |
+| gitServers[2].host | string | `"gerrit.example.com"` |  |
+| gitServers[2].name | string | `"my-gerrit"` |  |
+| gitServers[2].webhook.skipWebhookSSLVerification | bool | `false` |  |
 | global.dnsWildCard | string | `""` | a cluster DNS wildcard name |
 | global.dockerRegistry.type | string | `"ecr"` | Define Image Registry that will to be used in Pipelines. Can be ecr (default), harbor, dockerhub |
 | global.dockerRegistry.url | string | `"<AWS_ACCOUNT_ID>.dkr.ecr.<AWS_REGION>.amazonaws.com/<registry_space>"` | Docker Registry endpoint. In dockerhub case the URL must be specified in accordance with the Kaniko name convention (docker.io/<registry_space>) |
-| global.gitProviders | list | `["github"]` | Deploy Kubernetes Resources for the specific Git Provider. Can be gerrit, gitlab, github (default) |
+| global.gitProviders | list | `["github","gitlab","gerrit"]` | Deploy Kubernetes Resources for the specific Git Provider. Can be gerrit, gitlab, github (default) |
 | global.platform | string | `"kubernetes"` | platform type that can be "kubernetes" or "openshift" |
 | interceptor.affinity | object | `{}` | Affinity settings for pod assignment |
 | interceptor.enabled | bool | `true` | Deploy EDP interceptor as a part of pipeline library when true. Default: true |

charts/pipelines-library/templates/_helpers.tpl

@@ -40,3 +40,16 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
+
+
+{{/*
+Validate values of gitProviders
+*/}}
+{{- define "edp-tekton.validateGitProviders" -}}
+{{- $allowedProviders := list "github" "gitlab" "gerrit" -}}
+{{- range .Values.global.gitProviders }}
+  {{- if not (has . $allowedProviders) }}
+    {{- printf "Error: Invalid gitProvider %s. The gitProvider must be one of: %s" . (join ", " $allowedProviders) | fail }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/pipelines-library/templates/pipelines/docker/kaniko/github-review.yaml

@@ -47,7 +47,7 @@ spec:
         - name: AUTH_TYPE
           value: Token
         - name: GITHUB_TOKEN_SECRET_NAME
-          value: {{ .Values.github.webhook.existingSecret }}
+          value: ci-github
         - name: GITHUB_TOKEN_SECRET_KEY
           value: token
         - name: SHA

charts/pipelines-library/templates/pipelines/docker/kaniko/gitlab-review.yaml

@@ -38,11 +38,11 @@ spec:
         - name: "STATE"
           value: "pending"
         - name: "GITLAB_HOST_URL"
-          value: "{{ .Values.gitlab.host }}"
+          value: "$(params.git-source-url)"
         - name: "REPO_FULL_NAME"
           value: "$(params.gitfullrepositoryname)"
         - name: "GITLAB_TOKEN_SECRET_NAME"
-          value: {{ .Values.gitlab.webhook.existingSecret }}
+          value: ci-gitlab
         - name: "GITLAB_TOKEN_SECRET_KEY"
           value: token
         - name: "SHA"

charts/pipelines-library/templates/pipelines/helm-pipelines/github-review-lib.yaml

@@ -55,7 +55,7 @@ spec:
         - name: AUTH_TYPE
           value: Token
         - name: GITHUB_TOKEN_SECRET_NAME
-          value: {{ .Values.github.webhook.existingSecret }}
+          value: ci-github
         - name: GITHUB_TOKEN_SECRET_KEY
           value: token
         - name: SHA

charts/pipelines-library/templates/pipelines/helm-pipelines/gitlab-review-lib.yaml

@@ -47,11 +47,11 @@ spec:
         - name: "STATE"
           value: "pending"
         - name: "GITLAB_HOST_URL"
-          value: "{{ .Values.gitlab.host }}"
+          value: "$(params.git-source-url)"
         - name: "REPO_FULL_NAME"
           value: "$(params.gitfullrepositoryname)"
         - name: "GITLAB_TOKEN_SECRET_NAME"
-          value: {{ .Values.gitlab.webhook.existingSecret }}
+          value: ci-gitlab
         - name: "GITLAB_TOKEN_SECRET_KEY"
           value: token
         - name: "SHA"

charts/pipelines-library/templates/pipelines/helm/github-review-lib.yaml

@@ -64,7 +64,7 @@ spec:
         - name: AUTH_TYPE
           value: Token
         - name: GITHUB_TOKEN_SECRET_NAME
-          value: {{ .Values.github.webhook.existingSecret }}
+          value: ci-github
         - name: GITHUB_TOKEN_SECRET_KEY
           value: token
         - name: SHA

charts/pipelines-library/templates/pipelines/helm/github-review.yaml

@@ -55,7 +55,7 @@ spec:
         - name: AUTH_TYPE
           value: Token
         - name: GITHUB_TOKEN_SECRET_NAME
-          value: {{ .Values.github.webhook.existingSecret }}
+          value: ci-github
         - name: GITHUB_TOKEN_SECRET_KEY
           value: token
         - name: SHA

charts/pipelines-library/templates/pipelines/helm/gitlab-review-lib.yaml

@@ -56,11 +56,11 @@ spec:
         - name: "STATE"
           value: "pending"
         - name: "GITLAB_HOST_URL"
-          value: "{{ .Values.gitlab.host }}"
+          value: "$(params.git-source-url)"
         - name: "REPO_FULL_NAME"
           value: "$(params.gitfullrepositoryname)"
         - name: "GITLAB_TOKEN_SECRET_NAME"
-          value: {{ .Values.gitlab.webhook.existingSecret }}
+          value: ci-gitlab
         - name: "GITLAB_TOKEN_SECRET_KEY"
           value: token
         - name: "SHA"

charts/pipelines-library/templates/pipelines/helm/gitlab-review.yaml

@@ -47,11 +47,11 @@ spec:
         - name: "STATE"
           value: "pending"
         - name: "GITLAB_HOST_URL"
-          value: "{{ .Values.gitlab.host }}"
+          value: "$(params.git-source-url)"
         - name: "REPO_FULL_NAME"
           value: "$(params.gitfullrepositoryname)"
         - name: "GITLAB_TOKEN_SECRET_NAME"
-          value: {{ .Values.gitlab.webhook.existingSecret }}
+          value: ci-gitlab
         - name: "GITLAB_TOKEN_SECRET_KEY"
           value: token
         - name: "SHA"

charts/pipelines-library/templates/pipelines/js/npm/antora/github-review.yaml

@@ -66,7 +66,7 @@ spec:
         - name: AUTH_TYPE
           value: Token
         - name: GITHUB_TOKEN_SECRET_NAME
-          value: {{ $.Values.github.webhook.existingSecret }}
+          value: ci-github
         - name: GITHUB_TOKEN_SECRET_KEY
           value: token
         - name: SHA

charts/pipelines-library/templates/pipelines/js/npm/antora/gitlab-review.yaml

@@ -57,11 +57,11 @@ spec:
         - name: "STATE"
           value: "pending"
         - name: "GITLAB_HOST_URL"
-          value: "{{ $.Values.gitlab.host }}"
+          value: "$(params.git-source-url)"
         - name: "REPO_FULL_NAME"
           value: "$(params.gitfullrepositoryname)"
         - name: "GITLAB_TOKEN_SECRET_NAME"
-          value: {{ $.Values.gitlab.webhook.existingSecret }}
+          value: ci-gitlab
         - name: "GITLAB_TOKEN_SECRET_KEY"
           value: token
         - name: "SHA"

charts/pipelines-library/templates/pipelines/opa/github-review-lib.yaml

@@ -51,7 +51,7 @@ spec:
         - name: AUTH_TYPE
           value: Token
         - name: GITHUB_TOKEN_SECRET_NAME
-          value: {{ .Values.github.webhook.existingSecret }}
+          value: ci-github
         - name: GITHUB_TOKEN_SECRET_KEY
           value: token
         - name: SHA

charts/pipelines-library/templates/pipelines/opa/gitlab-review-lib.yaml

@@ -42,11 +42,11 @@ spec:
         - name: "STATE"
           value: "pending"
         - name: "GITLAB_HOST_URL"
-          value: "{{ .Values.gitlab.host }}"
+          value: "$(params.git-source-url)"
         - name: "REPO_FULL_NAME"
           value: "$(params.gitfullrepositoryname)"
         - name: "GITLAB_TOKEN_SECRET_NAME"
-          value: {{ .Values.gitlab.webhook.existingSecret }}
+          value: ci-gitlab
         - name: "GITLAB_TOKEN_SECRET_KEY"
           value: token
         - name: "SHA"

charts/pipelines-library/templates/resources/gitservers/eventlistener.yaml

@@ -0,0 +1,37 @@
+{{- range .Values.gitServers }}
+{{- if and (has .gitProvider $.Values.global.gitProviders) .eventListener.enabled }}
+apiVersion: triggers.tekton.dev/v1beta1
+kind: EventListener
+metadata:
+  name: edp-{{ .gitProvider }}
+  labels:
+    {{- include "edp-tekton.labels" $ | nindent 4 }}
+spec:
+  triggers:
+    - triggerRef: {{ .gitProvider }}-build
+    - triggerRef: {{ .gitProvider }}-review
+  resources:
+    kubernetesResource:
+      spec:
+        template:
+          spec:
+            serviceAccountName: tekton-triggers-sa-{{ $.Release.Namespace }}
+            containers:
+              - name: ''
+                resources:
+                  {{- toYaml .eventListener.resources | nindent 18 }}
+            {{- with .eventListener.nodeSelector }}
+            nodeSelector:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- with .eventListener.affinity }}
+            affinity:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- with .eventListener.tolerations }}
+            tolerations:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+{{- end }}
+---
+{{- end }}